Fixed bug in privs check for Survey::www_showFeedback

Patrick Donelan 2009-06-09 03:26:44 +00:00
parent cdc44a1bfb
commit 977be654cc


@ -1582,8 +1582,9 @@ sub www_showFeedback {
my $responseUser = WebGUI::User->new($self->session, $responseUserId);
return if !$responseUser;
# Only continue if user owns the response (or user is allowed to view reports)
if ($responseUserId ne $self->session->user->userId && !$responseUser->isInGroup( $self->get('groupToViewReports') )) {
# Only continue if current user is allowed to view this response
unless ( $self->session->user->userId eq $responseUserId || $self->session->user->isInGroup( $self->get('groupToViewReports') ) ) {
$self->session->log->warn("User is not allowed to view responseId: $responseId, which belongs to user: $responseUserId");
return $self->session->privilege->insufficient();
}
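Review bot: The owner branch of the new `unless` compares user ids only, so if Survey stores anonymous responses under a shared visitor account (not visible here, worth confirming), any unauthenticated session would satisfy `$self->session->user->userId eq $responseUserId` and could read another visitor's feedback; in that case the owner branch should apply only to logged-in users. Separately, the `warn` line records the response and its owner but not the requester, which is the field an investigator needs to spot repeated denied lookups from one account; consider `$self->session->log->warn("User ".$self->session->user->userId." is not allowed to view responseId: $responseId, which belongs to user: $responseUserId");`. `$responseId` is assigned outside the hunk, so if it comes straight from the request it should be validated before it is interpolated into the log line. www_showFeedback begins before and continues after this hunk.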